[pacman-dev] [PATCH v3 2/3] signing: add ability to import keys using a WKD

Allan McRae allan at archlinux.org
Mon Oct 7 01:21:37 UTC 2019


On 3/10/19 12:40 am, Jonas Witschel wrote:
> Currently pacman relies on the SKS keyserver network to fetch unknown
> PGP keys. These keyservers are vulnerable to signature spamming attacks,
> potentionally making it impossible to import the required keys. An
> alternative to keyservers is a so-called Web Key Directory (WKD), a
> well-known, trusted location on a server from where the keys can be
> fetched.
> 
> This commit adds the ability to retrieve keys from a WKD. Due to the
> mentioned vulnerabilities, the WKD is tried first, falling back to the
> keyservers only if no appropriate key is found there.
> 
> In contrast to keyservers, keys in a WKD are not looked up using their
> fingerprint, but by email address. Since the email address of the
> signing key is usually not included in the signature, we will use the
> packager email address to perform the lookup.
> 
> Also see FS#63171.
> 
> Signed-off-by: Jonas Witschel <diabonas at archlinux.org>
> ---
>  lib/libalpm/signing.c | 96 +++++++++++++++++++++++++++++++++++++------
>  1 file changed, 83 insertions(+), 13 deletions(-)
> 

Thanks - looks good apart from one change I made:


> +		/* Try to import the key from a WKD first */
> +		email_from_uid(uid, &email);
> +		ret = key_import_wkd(handle, email);


  CC       libalpm_la-signing.lo
signing.c: In function ‘_alpm_key_import’:
signing.c:285:12: error: ‘email’ may be used uninitialized in this
function [-Werror=maybe-uninitialized]
  285 |  gpg_err = gpgme_get_key(ctx, email, &key, 0);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
signing.c:506:8: note: ‘email’ was declared here
  506 |  char *email;
      |        ^~~~~
cc1: all warnings being treated as errors




if(email_from_uid(uid, &email) == 0) {
	ret = key_import_wkd(handle, email);
}


More information about the pacman-dev mailing list